https://github.com/x64dbg/ScyllaHide/blob/master/HookLibrary/HookedFunctions.cpp
`Patch_ImageBase + Patch_NtHeaders->OptionalHeader.SizeOfImage` and `RtlImageNtHeader` access the main module memory section every time after a syscall return.
Normally this will not be a problem, but when dealing with self-remapping code (return from the unmap syscall), it crashes the process.
Currently, I just use global variables to store the values; maybe that is still not good enough, but it works fine for me, so I suggest adjusting this part of the code to counter self-remapping code.
```cpp
// to counter self-remapping code: cache the main image bounds once, so the
// callback no longer reads the PE headers after every syscall return
static PVOID PE_ImageBase = NULL;
static PIMAGE_NT_HEADERS PE_NtHeaders = NULL;
static ULONG_PTR PE_ExeMaxAddr = 0;

extern "C"
ULONG_PTR
NTAPI
InstrumentationCallback(
    _In_ ULONG_PTR ReturnAddress, // ECX/R10
    _Inout_ ULONG_PTR ReturnVal // EAX/RAX
    )
{
    if (InterlockedOr(TlsGetInstrumentationCallbackDisabled(), 0x1) == 0x1)
        return ReturnVal; // Do not recurse

    // Filled in on the first callback only; later callbacks reuse the cached values
    if (!PE_ImageBase)
        PE_ImageBase = NtCurrentPeb()->ImageBaseAddress;
    if (!PE_NtHeaders)
        PE_NtHeaders = RtlImageNtHeader(PE_ImageBase);
    if (!PE_ExeMaxAddr)
        PE_ExeMaxAddr = (ULONG_PTR)PE_ImageBase + PE_NtHeaders->OptionalHeader.SizeOfImage;

    .......
}
```